Hi, newbie.

When my client (exp: 192.168.1.1) behind a home router tries to access my web server (exp: OpenDNS), in addition to:

From 192.168.1.1 to OpenDNS, TCP 80

another connection is created

From 192.168.1.1 to 203.106.85.67 TCP 80

This 203.106.85.67, doesnt have a domain name, and from APNIC whois, it turns out to be a "TMNET route object", owned by ACER-TMNET.

Whenever the client opens a http or even https connection, this additional connection to this "TMNET route object" is created.

What is this "route object" from TMNET?
And why/how is it iniating a connection to my client?

Sorry, but i cant edit my previous post. The link "OpenDNS" is supposed to be just some domain name - blahblah DOT com DOT my

Hehehe, sounds so complicated that I wonder anyone can help. I myself don't even know what a route object is!

__________________
Ekompute from:
Teknologi-maklumat.com

We love a mystery! The route object you got from whois is for the network 203.106.0.0/16. The more specific info from whois above that is for 203.106.85.0/8 - or is it 24? I can never remember which way round the mask works.

If your computer is connecting to 'ACER SALES & SERVICES SDN BHD' is it phoning home? Maybe ET references have been lost in time, like tears in the rain. Time to watch a movie, I think.

Anyway. Is your PC an Acer? What exactly is it doing when it connects to Acer? Got any Acer extensions on your browser? Tried a different browser? Tried Wireshark to see what it sends to Acer?

Usually your router is 192.168.1.1 - is the connection from your router to Acer, or your PC to Acer? Maybe your router isn't a router but an ADSL modem - is it connected by USB or ethernet?

That's all I've got. Hope it helps!

Wow, Seanie! You are real tech-savvy! I underestimated the participants here. The fact that I don't even know what is route object is doesn't mean everyone will not know, hehehe.

__________________
Ekompute from:
Teknologi-maklumat.com

Um, well actually, I have a PhD in Computing, but not the 'right sort' of computing. Having focussed for so long on a kind of computing that was of interest to nobody but me, I'm playing catch-up on industry buzzwords. But I do dimly remember some lectures from long ago about whois and network addresses. The 'Route Object' the OP refers to is just a name given by TM to an IP range they own. They could have called it 'Fred' just as meaningfully. The IP he looked up is within a smaller range, within that range of TM's, and seems to belong to Acer. I suspect he has some Acer supportware running.

Thanks for the replies everyone.

No the pc is not Acer. And AFAIK theres no software installed on the pc thats related Acer. Most of all, this problem occured only recently.

I'm still trying to troubleshoot and findout if its the pc problem.

Has anyone experienced the same problem?
Any suggestions is appreciated.

Are you still able to access your website even with the second connection?

There could be some program on your PC which is making the second connection. Or maybe there is something wrong with your router. Connect your PC directly to the Net by-passing the router to see what happens.

If the router has a built-in firewall, set it to block the second IP and see what happens. Or install a software firewall on your PC and block traffic for the second IP connection and see what happens.

Did you check your Task Manager to see what's running? Any Acer-related stuff in there? How about your control panel, add/remove software (can't remember exactly what it's called) any Acer stuff installed? Out of interest, what does What Is My IP Address? - IP Address Lookup, Info, Speed Test, and more tell you your ip address is?

Hi, sorry for the late reply.

I've tried with different PC (not Acer), running different clean-installed OS (ubuntu-linux, xp, vista, win98), i am very certain that this is not the client pc problem.

whatismyip.com, auditmypc.com, etc, all show my routers ip, my local ip is hidden.

All my traffics, in particular downloads have to go through this 203.106.85.67 (or .50, .51, etc)
For example if i try to download stuffs from microsoft.com (us website):

A connection to microsoft.com:80 is created and then closed, and then
a connection to 203.106.85.67:80 is created, the file i download has to go through 203.106.85.67:80.

Browsing http://203.106.85.67, shows it is indeed a web-server, or perhaps a proxy server? Is it a man-in-the-middle? I'm getting paranoid.

If any of you guys or people you know have any idea what this "TMNET Route Object", please shed some light on the subject.

Best regards.

The TMNet Route Object is of no interest. It's the wider network block that the machine you're worried about is located in. The 203.106.85.67 is a host in the 203.106.85.0 - 203.106.85.255 network range, which itself is located in a larger network address range that TM happen to refer to as "TMnet route object". They could have called it "Purple Leaping Durian" just as meaningfully. Nobody, except maybe a few people at TM, knows what "TMnet route object" means, and maybe they've even forgotten at TM. You're looking at the wrong information. I don't why the word 'Acer' appears in the whois report, but then again, it's a free-format name, so perhaps we shouldn't have read so much into it.

On the Internet, nobody knows your local IP address. Your router 'pretends' to originate all traffic from your LAN, assigning a new port each time it gets some traffic from the LAN, and sending out network packets from that port on its WAN interface. This is Network Address Translation (NAT). When the reply comes back, it comes back to the same port on the router it left from. The router uses the port to remember which LAN host the packet originally came from and forwards the packet to that LAN host. Whatismyip can only tell you what your router's IP address is.

From your description of what's happening, it sounds like a proxy cache. Use cURL:

It's an Akamai GHost server. No need for paranoia, unless you fear Akamai.

Are you on a Streamyx connection or another ISP? Did you try to connect directly by-passing your router? If you don't have any problem, then it could be your router configured to use a proxy server?

From what I can read online GHost servers don't need to be explicitly chosen, they just sit there silently intercepting traffic to bring large sites' content closer to visitors. TM will like this sort of thing, because it will reduce load on their overseas connections. Now if only they'd put a few big Azureus servers in their datacentres...

It would be interesting to know exactly how it works - whether redirects are being used, or whether its anycast DNS or something. Not interesting enough for me to find out for myself, mind!

Thanks for all replies.

mylinear: I've tested, same result whether the client pc is behind a router or directly connected to streamyx

seanie: Thanks for the informative reply! Its the first time i've every heard of AkamaiGHost cache server. Now i know what it is i can rest at ease.

Thanks again everyone.